These days I'm reading about quantum computing and quantum cryptography, which I've found extremely interesting. I've also read some blog posts by Bruce Schneier about how quantum computers threaten our current asymmetric cryptosystems. However, I don't know whether quantum computers also threaten symmetric cryptosystems (AES, the Vernam cipher, etc.).

1 Answer

With Grover's algorithm, quantum computers can brute-force a block cipher with $n$-bit keys using $2^{n/2}$ steps, which is much smaller than the regular effort ($2^n$). This means, for example, that AES-128 could be broken with $2^{64}$ steps, and that AES-256 would offer the same security that AES-128 offers currently.